Network nodes can use authentication facilities in transport layer communication protocols, such as Transmission Control Protocol Authentication Option (“TCP-AO”), in a data communications network to authenticate each other. TCP-AO addresses network security and key rollover methods.
TCP-AO provides security measures for a variety of TCP applications. For example, TCP-AO may be executed by peering nodes that implement a network reachability protocol such as Border Gateway Protocol (“BGP”), or by TCP applications such as Label Distribution Protocol (“LDP”), Protocol Independent Multicast (“PIM”) over TCP, and Multicast Source Discovery Protocol (“MSDP”) over TCP.
In a network using TCP-AO, when a BGP peer router suffers a cold reboot after an unexpected restart, the BGP peers may require considerable time to recover from the reboot and to set up new BGP sessions with the rebooted peer.
A prolonged delay in reestablishing BGP connectivity in a TCP-AO network is primarily because, after a BGP peer in the TCP-AO network reboots, the other BGP peers do not recognize the connectionless reset (“RST”) segments sent by the rebooted BGP peer. Hence, upon a connectionless reset, the other BGP peers do not try to reestablish communications sessions with the rebooted BGP peer for a relatively long time.
A connectionless TCP RST segment is an important part of the recovery process.
In a network with TCP-AO, the connectionless TCP RST segments are not recognized and not acted upon by the BGP peers. Therefore, the delay in reestablishing connectivity with a rebooted BGP router in a TCP-AO network may be considerably longer than in a network without TCP-AO.
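The following is an added example, not code from the original text, that models the failure mode described above. It is a deliberately simplified stand-in for TCP-AO: the traffic key is derived from the connection's initial sequence numbers (as in RFC 5925, where a node that loses its connection state can no longer produce a valid MAC), HMAC-SHA-256 is used in place of the real KDF and MAC algorithms, and the 90-second BGP hold time is an assumed default. The function names, the master key and the ISN values are all constructed for this illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed, simplified model of TCP-AO segment authentication. The KDF,
# MAC algorithm, option layout and timer value are assumptions chosen for
# illustration; only the failure mode being modelled follows the text.
MASTER_KEY = b"constructed-master-key-configured-on-both-peers"
BGP_HOLD_TIME_S = 90     # assumed: RFC 4271's suggested default hold time
MAC_LEN = 12             # 96-bit MAC, as TCP-AO uses with HMAC-SHA-1-96


def derive_traffic_key(master_key: bytes, sender_isn: int, receiver_isn: int) -> bytes:
    """Stand-in for the TCP-AO KDF. The traffic key is bound to both ISNs,
    so it exists only while a node still holds the connection's state."""
    ctx = sender_isn.to_bytes(4, "big") + receiver_isn.to_bytes(4, "big")
    return hmac.new(master_key, ctx, hashlib.sha256).digest()


def compute_mac(traffic_key: bytes, seq: int, flags: str) -> bytes:
    """Stand-in MAC over the segment fields this model carries."""
    msg = seq.to_bytes(4, "big") + flags.encode()
    return hmac.new(traffic_key, msg, hashlib.sha256).digest()[:MAC_LEN]


@dataclass
class Segment:
    seq: int
    flags: str
    mac: Optional[bytes]   # None models a segment carrying no TCP-AO option


@dataclass
class Peer:
    name: str
    local_isn: Optional[int]    # None after a cold reboot: state is gone
    remote_isn: Optional[int]
    ao_enabled: bool = True

    def send_key(self) -> Optional[bytes]:
        if self.local_isn is None or self.remote_isn is None:
            return None
        return derive_traffic_key(MASTER_KEY, self.local_isn, self.remote_isn)

    def recv_key(self) -> Optional[bytes]:
        if self.local_isn is None or self.remote_isn is None:
            return None
        return derive_traffic_key(MASTER_KEY, self.remote_isn, self.local_isn)


def build_rst(sender: Peer, seq: int) -> Segment:
    """A rebooted node has no traffic key, so its RST carries no valid MAC."""
    key = sender.send_key() if sender.ao_enabled else None
    return Segment(seq, "RST", compute_mac(key, seq, "RST") if key else None)


def accept_segment(receiver: Peer, seg: Segment) -> bool:
    """Receiver-side check. Without AO the RST stands on its own; with AO a
    segment lacking the option or failing the MAC is silently discarded."""
    if not receiver.ao_enabled:
        return True
    key = receiver.recv_key()
    if seg.mac is None or key is None:
        return False
    return hmac.compare_digest(compute_mac(key, seg.seq, seg.flags), seg.mac)


def reconnect_delay_after_reboot(ao_enabled: bool, rebooted_keeps_state: bool) -> int:
    """Seconds until the surviving peer learns the session is dead. An accepted
    RST tears the session down at once; a discarded one leaves the survivor
    waiting for its BGP hold timer to expire before it reconnects."""
    a_isn, b_isn = 0x11111111, 0x22222222          # constructed ISNs
    survivor = Peer("B", b_isn, a_isn, ao_enabled)
    rebooted = Peer("A",
                    a_isn if rebooted_keeps_state else None,
                    b_isn if rebooted_keeps_state else None,
                    ao_enabled)
    # The sequence number is in-window in every case, so the AO check is the
    # only thing that distinguishes the scenarios.
    rst = build_rst(rebooted, seq=a_isn + 1)
    return 0 if accept_segment(survivor, rst) else BGP_HOLD_TIME_S


if __name__ == "__main__":
    for ao, keeps in ((False, False), (True, False), (True, True)):
        print(f"AO={ao!s:5} state kept={keeps!s:5} -> "
              f"{reconnect_delay_after_reboot(ao, keeps)} s until reconnect")
```

The third scenario (AO enabled, state retained) shows that the delay is not caused by TCP-AO as such but by the rebooted node's loss of the connection state from which the traffic key is derived; a RST authenticated under the still-valid key is accepted immediately.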
Internet Request for Comments (RFC) 4727 describes graceful restart of a BGP router. However, the graceful restart approach may cause black-holing and looping issues. Due to these deficiencies, BGP graceful restart is not widely implemented.